
Commit

Sanitize the highlight contact id (#1160)
* Sanitize also parameter

* Formatting

Co-authored-by: Adrià Casajús <[email protected]>
acasajus and acasajus authored Jul 15, 2022
1 parent 67be5ba commit bcd4383
Showing 2 changed files with 6 additions and 1 deletion.
6 changes: 5 additions & 1 deletion app/dashboard/views/alias_contact_manager.py
Expand Up @@ -234,7 +234,11 @@ def delete_contact(alias: Alias, contact_id: int):
def alias_contact_manager(alias_id):
highlight_contact_id = None
if request.args.get("highlight_contact_id"):
highlight_contact_id = int(request.args.get("highlight_contact_id"))
try:
highlight_contact_id = int(request.args.get("highlight_contact_id"))
except ValueError:
flash("Invalid contact id", "error")
return redirect(url_for("dashboard.index"))

alias = Alias.get(alias_id)
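
Review bot: the `int(...)` call inside the new `try` only proves the value parses as an integer, so inputs such as `-1` or `0` still reach the rest of `alias_contact_manager` as a contact id; consider rejecting non-positive values in the same branch that flashes "Invalid contact id". The parameter is also read twice through `request.args.get("highlight_contact_id")`; reading it once into a local (or using `request.args.get("highlight_contact_id", type=int)` if silently dropping a bad value is acceptable) keeps the check and the conversion on the same value. None of the 2 changed files adds a test for the invalid-id path.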

1 change: 1 addition & 0 deletions server.py
Expand Up @@ -206,6 +206,7 @@ def load_user(alternative_id):
user = User.get_by(alternative_id=alternative_id)
if user and user.disabled:
return None
sentry_sdk.set_user({"email": user.email, "id": user.id})

return user
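
Review bot: `sentry_sdk.set_user(...)` dereferences `user.email` and `user.id` without a None check, but the guard just above it (`if user and user.disabled`) shows that `User.get_by` can return nothing, so an unknown `alternative_id` would raise AttributeError here instead of falling through to `return user`. Move the call under an `if user:` branch. The line also attaches the account email to the Sentry user context, which the commit message (about sanitizing the highlight contact id) does not mention; if the id alone is enough for triage, drop `email`, or document why it is sent.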


0 comments on commit bcd4383
